Handling Personal Data Handling Data: Organizations and Data Handling Handling Personal Data

It’s the law Transcript: Customer: I would like to apply for a credit card. Clerk: I will first process the information on your application form. Customer: That’s fine. Clerk: Oh dear, I’m afraid your application has been declined. Customer: Why? Clerk: According to the credit reference records you have not paid previous credit card companies. Customer: That cannot be me! This is my first credit card! Clerk: I’m afraid I cannot change the data. However, if you write to this address you can find out more details… and have the records changed if you can prove they are wrong. “The data was not updated. It is showing the details of previous residents at that address”.

Transcript: Police Officer: Is this your car? Driver: Yes. Police Officer: Can I see your driving license? Driver: Sure. Police Officer: You will have to accompany me to the station. Driver: Pardon? Police Officer: I have just run a check on this car and it was reported stolen yesterday! Driver: But it’s my car! “Wrong license number entered into the computer”.

Transcript: Customer: I would like to withdraw some money. Bank clerk: Can I have your details please? Customer: Here’s the book with details of my account. Bank clerk: I’m sorry sir, I cannot give you any money. Customer: Why? Bank clerk: According to my records you are dead! “What went wrong there?”

To try and minimize situations like those on the previous slides, the Data Protection Act was passed in 1984 and revised in 1998. This law covers the use of data on living individuals that is stored on a computer. Data users (organizations) who keep such data must register with the Data Protection Registrar. They must give details of: the type of personal data that is going to be held how the data will be obtained who the data will be passed on to whether the data is being transferred to other countries why they need to use the data.

The Data Protection Act says data must be: acquired lawfully used for the purpose that it was acquired relevant: only the data needed should be collected accurate and up-to-date kept only until needed accessible to the individual and, where necessary, be able to have data corrected or removed be kept in a secure place to avoid loss or damage transferred to other organizations only with the consent of the individual (the data subject).

accidental loss of data Watch out! Beware of: hackers accidental loss of data viruses.

Steps to protect data To protect against malicious acts: use passwords to protect files; change passwords regularly encrypt data before sending it through a network use a firewall and up-to-date virus scanning software use an activity log to track use give people different levels of access as required make files read-only to avoid deletion keep computers in locked rooms.

To protect against viruses: scan all incoming e-mails ensure that virus software is always up-to-date do not open suspicious e-mails. To protect against accidental loss and damage: always keep a back-up of all data keep the back-up copy away from the computer do not remove the back-up disk until the back-up is completed and the disk light switched off.

Summary The Data Protection Act was set up in 1984 and revised in 1998. It only covers data about living individuals. It only covers data stored on a computer. Data users (organizations) that hold such data must register with the Data Protection Registrar. There are eight different principles that make up the Data Protection Act. Data can be lost because of a number of reasons; a virus, hackers, or through accidental damage of files. There are a number of steps that can be taken to avoid loss of data. What can I remember? The End